Whitepapers

W64/Regin, Stage 1

In this document we describe the inner workings of the stage #1 of the complex malware threat by the name of Regin, specifically the version targeted at 64-bit machines running the Microsoft Windows operating system...

W32/Regin, Stage 1

In this document we analyze a set of 32-bit samples which represents stage #1 of the complex threat that is known as Regin. Based on our analysis of the malware's functionalities, this part of the Regin threat can be considered ...

BlackEnergy & Quedagh: The convergence of crimeware and APT attacks

H1 2014 Threat Report

The most notable trend in H1 2014 is the continued growth of ransomware and ransoming activities, on both desktop and mobile platforms. Meanwhile, Windows XP finally reached its end of life (EOL) mark on 8 April 2014...

Pitou: The "silent" resurrection of the notorious Srizbi kernel spambot

COSMICDUKE: Cosmu with a twist of MiniDuke

CosmicDuke - the first malware seen to include code from both the notorious MiniDuke APT Trojan and another longstanding threat, the information-stealing Cosmu family. When active on an infected machine, CosmicDuke will ...

Lecpetex: Virtual currency mining gets social

Trojan:W32/Lecpetex is a Bitcoin miner that spreads via in zipped files attached to social engineered Facebook messages. Once installed on a machine, the malware silently performs its Bitcoin mining, and contacts a command and control (C&C) server ...

Mobile Threat Report Q3 2013

In this quarterly report on mobile threats, we explore the latest news, including the "Masterkey" vulnerability and exploit apps; banking trojans; and other notable threats and trends for mobile malware in Q3 2013.

Mobile Threat Report Q1 2013

While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend. The Android malware ecosystem is beginning to resemble to that which surrounds Windows, where highly specialized suppliers provide commoditized malware services.

Threat Report H2 2012

The report focuses on three things that stood out in the second half of 2012: botnets (with special reference to ZeroAcess), exploits (particularly against the Java development platform) and banking trojans (Zeus). Also discussed are multi-platform attack in which a coordinated attack campaign is launched against ...

Mobile Threat Report Q4 2012

The rise of Android malware can be largely attributed to the operating system's increasing foothold in the mobile market. Android's market share has risen to 68.8% in 2012, compared to 49.2% in 2011. On the threat side, its share rose to 79% in 2012 from 66.7% in 2011.

Mobile Threat Report Q3 2012

Despite Android's dominance in the mobile threat landscape, the Symbian malware scene is far from dead. 21 new families and variants were discovered in the third quarter of 2012, a 17% increase compared to the second quarter.

Threat Report H1 2012

One of the most pervasive trends we saw in the computer threat landscape in the first half of 2012 was the expanding usage of vulnerability exploitation for malware distribution. This phenomenon is directly tied to the recent improvement in exploit kits - toolkits that allow malware operators to automatically create exploit code.

Mobile Threat Report Q2 2012

After a while on the scene, Android malware has begun to explore new methods of infection. In May 2012, the first Android malware to use the drive-by download method was spotted in the wild. A simple visit to a malicious website could render a device with certain configuration infected.

Mobile Threat Report Q1 2012

In Q1 2012, 37 new malware families and variants were discovered, which nearly quadrupled the number of new malware discovery a year earlier, in Q1 2011. Majority of these malware reap profit from sending messages to premium-rate numbers or subscribing customers to a premium service.

Flashback OS X Malware

In 2011, we saw OS X come under siege by several malware families. Towards the end of the year, we saw new families or variants appear almost every week, where each was more sophisticated than the last. At the forefront of these developments was the Flashback malware.

Mobile Threat Report Q4 2011

Android malware continues to expand rapidly in the fourth quarter of 2011, with malware originating from Russia forming a significant presence in the scene. Malware seen in the Russian domain has been the most widely distributed, with a single variant alone being found on a thousand unique Android application package files (APKs).

It's Signed, therefore it's Clean, right?

This presentation discusses Authenticode signing, its usage by developers (particularly in the antivirus industry) and ways that code signing can be abused in order to spread malware and allow it to install